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Methods and systems for context^ware policy determination and enforcement 



(57) Context aware computing systems and meth- 
ods are described: In one described embodiment, de- 
vices and methods are provided that are context-aware 
(in one example-location-aware) in that they provide for 
the application and enforcement of various policies as 
afunction of context. Specifically, various computing de- 
vices, through the described methodologies and struc- 
tures,' are able to automatically detennine their context. 
Once context is detennined, a collection of policies can 



be evaluated to provide a resultant set of policies that 
apply to the given context. The resultant set of policies 
are then enforced, typically via the device's operating 
system. Policy enforcement can invoh^e promulgating 
new settings or state to applications that are executing 
on or off the device. Advantageously, the devices and 
methodologies can adapt the resultant set of policies as 
the device's context changes so that the policies can be 
dynamically detenmined and enforced automatically as 
the device's context changes. 
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Description 
TECHNICAL FIELD 

[0001] This invention relates to generally to the area of context-aware computing or ubiquitous computing. 
BACKGROUND 

100021 TheWoridWideWeb(VVWW)wascreatedtomakecontentavailablefromanysour^ 
he world users of the Web are able to generally access a seemingly Infinite number of resources v ^ the Web^T^e 
Sas been highty successful in thte regard. Yet, with the evoiu^on of the Web. certa.n nee«n ^^.^'^^ 
simcaily. people continue to have a need to access inforniadon that has a contextual aspert to *^J^«t 
«m?sJndLualswi,,fmdthemselvesinacomputingenvironmentthat«^^ 
Jthe environment cannot be easily incorporated into the present computmg environment. As 
the intext of location. People generally have a need to access lnfom«tion, data, resources and the "ke. Jat have 
giTjrc ITnstons to th'em' For example. IndMduals may desire to take advantage of --f-p; P^^^^^^^^ 
aldose in proximity to where they currently are located. In this regard, it is desirable to understand the mdividual s 
^ntela l<SZ so that servici. goods and the like can be made avatoble to the '"^^^-'^^^^^^^^^^ 
continues to grow in importance, the necessity of bringing people, places, services and goods together in an efficient 

" S^tSS'CSXeteenmadetob.ngp 

Ets hav^^reraJy approached the problem from different directions in an often t^es incompatible manner. As 
aSprconsider theltext of location. Some services have ^^^^^ 
dLSrae S^tabases that maintain infomiation about the servk^^ 

tSn a we? ^S>te database where each restaumnt is associated with a zip code in whteh the restaurant is 
N^"n a^r<te^res to locate a particular restaurant, they might s»np^ enter the zip «,de where they are 
SS trsi a Itet of corresponding restaurants in that zip code. From the list of restaurants, they might be able to 
TeSt e oTtwo ri nts Of InterLt This approach Is undesirable for a number of reasons^ First, the ope-tion ^ 
Ss°^ is dependent upon a central server that is responsible for receiving user queries and executing the queries 
tStJ^e iSation o L user. In the event the server faite, so too does the service. In additiorj. th« partcular 
le^temtaXsuitedtofindng restaurants, but possibly not other busine 
fhTriuSemtumedtotheusermayfoistsomeoftheseamh burden ontheusera 
naS^rpSrbuthastofurtherexplorethelist^^ 

may indude some ;estaurants that are blocked by some type of a physteal barrier (i.e. a nver. mountain, etc.) that 

t^lei^rd^odsattheclo^and most convententlocation.Acquiring the serv^^ 
th JliTS^^he^L "out on the nef Is not appropriate If you need them to fill a cavity or undog a sink. Lookmg for 
the nearest hotdoq While in a Stadium requires you to Stay in the Stadium. ^ ^ . 

40 S -^^^^^^^^ need to be able to create context-aware computing in which corriputing devices ^ 

SU^nLrparticularcontext.lnspedfccircumstances.therearen^^ 
Stong'^Cical lections In both pubik: and private views of the world. To date however, 

view of the world that wouW unlock the potential of context-aware computing. Context-aware computing is much more 
than iust position awareness— although this is a very big field in and of itself. 
45 Si ?hiinventionaroseoutofconcemsassodatedwithdevelopingastandardi2ed.context-a^^ 

and related systems to unlock the potential of context-aware computing. 
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rOOOTl Context aware computing systems and methods are described. In one described embodirnent devices and 
Kds^eTrdedthatarLrJe^awareOnoneexampl^iocation-aware)^^ 

and enforcerSent of various polides as a function of context. Specifteally, various computing devices, through the 
^bLdrtSologlesandstmcture^ 

a^Sion of polid^ can be evaluated to provide a resultant set of policies that apply to the given context The 
LlS^set7poSesarethenenforced.,ypica«yviathedev^ 

promulgating new settings or state to applk^ttonsthat are executlngonorofi the devk«.Adva^^^^^ 

and methodologies can adapt the resultant set of policies as the device's context changes so that the policies can be 

dynamically determined and enforced automatically as the devkse's context changes. 
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BRIEF DESCRIPTION OF TtiE DRAWINGS 
[0008] 

Fig. 1 is a diagram of an exemplary computing device that can be used in accordance with the deschbed embod- 

Hgti's a conceptual dtegram of an exemplary Master World and an exemplary Secondary World in accordance 

Fig' ITs a^^ C^s?S-lew of a Master WoHd and a Secondary World and their rela«on to one another. 
F g 4 fe a fl^ digram that describes steps In a method In accordance with the descnbed embod men . 
Rg 5 fe a fl^ dia^am that describes steps in a method In acconlance with the descnbed embodiment. 
Fig 6 is a high level diagram of an exemplary computing device architecture. 
Fig'. 7 is a somewhat more specif io view of an exemplary computing •l^"'^ "f-f ^l.^^ ^odim«nt 
Fig. 8 is a flow diagram that describes steps in a method in accordance wrth the descnbed embodjnen . 
F g 9 is a flow diagram that describes steps in a method in accordance with the descnbed embodiment. 
Fig 10 fe a flow diagram that describes steps in a method in accordance wfth the descnbed enrbodiment. 
Fiq 11 is a side elevationai view of an exemplary location beacon In accordance with one embodiment 
Fig: 12 is a block diagram that illustrates an architecture In accordance with one descnbed ^mbMUment. 
Fi^Sisablockdlagram that illustratesapolicy collection that can be provided in accordance** 

S^M fe a"tow diagram that describes steps in a method in accordance wrth the described embodnient. 
ng. 15 is a flow diagram that describes steps in a method in accordance with the descnbed embod^ient. 

DETAILED DESCRIPTION 
Overview 

[0009] TO provide a standardized solution, embodiments described Just below provWe « """^^-^^f^";"" 
S The uniform definition Is defined In tem^s of a hierarchteal tree of nodes, where each "°f ^^^J^tten^ 
Tspit of the world. Each node is connected to at least one other node by a branch An exernplary cte^rf^J'^" ^ 
mdStakesplaceonaphysicallevel(e.g.physk«l locations such as politfcal entities, mfrastmctu 

ola^sri weTL a non-physfcal level (e.g. military APOs). This hierarchteal nodal structure .s refen-ed to as the 
Woriran?te a stal^^^^^ view worldwide. Each node of the Master World has various att*utes -socia^ 
ShTailst in context-aware computing. Exemplary attributes ind^ 

Tard^on^de^lative .nportance. contextual parents to name just a few. The Master World is useful be^se 
Sn be us3rd;tem,ine the relative location of a place anywhere in the wortd and at any definable granulanty. 
mm TrcB an Indh^dual's location or a place an Individual is interested in is detem,ined. vanous services ma 
Knee tJ^c^tL can be offered to the IndMdual based on their locatten. Th« 
World rriodel in the ability to tie servtees to nodal locations in the Master Wortd. 

;^0^?] B*lgonthlS:onc^^^ 

'p^iTa secondary world is a powerful computing mechanism whereby indMdual ^"^"^^^"'l-^"^^^^^ 
orqanteations) can define their own particular worlds that need not necessanly confom, to the M«f ^o'ldv'^^^' 
^rrrW. -^at is. while the Master World Is essentially a physteal hierarchical representation of *e woridj^^e S^^^^ 
onto^ Worids can be physical and/or logical representattons of each individual entities' world view. One particularly 
us?u7ii?orrs^ndary Worid fe that it links, at at least one point, into the Master World. Th-^ w«^'n 
S^nd^J world, a use^s location not only wrthin the Secondary WorW. but the Master Wortd as wdl can be deter- 
m^d vLus sen,ices can be attached to the nodes of the secondary worid. 

t^^variousservk^sthatareassociatedwithSecondaryWorldnodescanbeofferedtotheuser.lna^^^^^ 
thLser'scontext is detem,inedrelativetotheMasterWorkl.other services that may notbe associated withaparticul 

Leslnthedescribedembod-^entthezones are subdMded through the usee aquadtreea^^^^^^^ 
ent on a density function (although many other spatial index approaches can also be used). ^^fjf ''^^"^'J 
level is achieved (density might be defined in tem« of points of interest per zone), each node on the ^^^r W^^^^^^ 
asslgnedapartteulargeozone.Geozones enable proximity calculatk>ns to be computed inafast and straight fow^^^ 



SSJir A useful aspect of the Master and Secondary Worids are that they are "reachable" from various computing 
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For example, the Secondary World can be ,L the Master Worid and one or more 

context wkhin the Secondary World. Once become available to the user. For exanjpie, 

SecondavWor1ds,avahous robust collectiono^^^^^^ 

speciflcSeconda-yWoridservicesc^nbeo^^^^^^ 

other secondary Worlds might also be f ^'^J^^'"^^"^ ! "'^^^ ^ore Secondary Worlds together, 
secondary Worids. In this way, the M^^^^^^^^ '"^rham^ the computing power of each computing devjce 
10015] Another aspect is that the described Master Worid and one or mo.B Secondanr Worlds 

KdetLining the device's location. Here, by ^'-^f^f^ Jl^^^f^^^^^^^ device ftself determines its own context, 
eachable by the devfce (and possibly locally Jf" J^^^^^'^^^^^^^^ ^ utif^e the context-aware stnictures that 
[00161 one embodiment provides a d.ent ^-^^^^^'^^^^orids. The Master World or a portion thereof can 
are discussed above, i.e. the Master "iX^TnotS tocatJon, e.g. via the Web. In this embodiment, the 

be locally available on the device or can be acoe^ble ^^^^^^^^^^^ ,3 « software module that can 
client device has a location sen,ice ^^J^^f applications (either executing on the devce 

detem^ine the location of the dev«e the deviS by using the Master World and one or 

or off the device). The location serv«e j^^'S^J.^^^ through one or more Application Program Inter- 

n,ore Secondary Worids. The applicat-ons ^^^^^^JJ.^ '^^^^^^ ^ppii^tions to render a service, 
faces (APIS) or Events to get location information th^ s u^^^^^^ 

[0017] The location service makes use of one or ^J^}^^^^ ^e infomiation that can be mapped directly 
nfoj;!ationcanbeinfom«tionthatis^flctothe^^^^^^ ^^^^ e,„bal Positioning 

into a node of the Master Worid or Seconda^ .^""^.S'Setooth providers, a user interface provider and the 

" rus^b^rel^^lservlUtoascertainJ^^^^^^^^ 

[0018] Oneparticularty advantageousfeatureof thechentctev^^ infomiation to the location service so 

Z liation provider interface ^ f^'^TX^^^^-' ^^^'^ TZ 

that the location service can use the '"<°^f ^St^rSentTocation providers to provide location infomiation (or 
30 interfaceisacommoninterfacethatenabl^muM^^^ 
hint8)aboutlocationtoalocat.onsen^that,so^a^^^^ 

constantly, at intervals, or when polled by t^^'^^'^ JJf^^^J^ ^^.^i^e quality of the infomiation before it is usej. 

accuracy estimates to enable the location service to ^^^'""^J^^ ^^.^j, providers' ability to intelli- 

'j^ vaLs providers also have the f »^^° -""T^ the collection of location providers 

35 gently com^ey infomiation to the location ^^'^•^^^^'^^/"^^a^^d or removed from the collecti^^ 
Unamicallyextensibl^that is location providers can t^ a^^^ 

wlutany interferenceof thefunctionaH^;^^^^^^^ accommodating location providers ^t 

added or removed while the dev«e ^ °P^'"9 ,^1^^^ of abstraction are provided i.e. (1) the provider 

are developed in the future. In th« f (2) the API/events layer that enables applKat^ns 

40 interface that receives infomiation from the location providers a v; 

45 device to participate in its context environment .nfomiation or hints about its 'o<»«°"; ™^ '"J?;; 

[0020] in the described embodiment, the device ^^cewes 10^ Master Worid an*or Secondary World. The 

Lol . collated and mapped by ^f'"^^;^,^^^^^^^^^ location in both the Secondary World 

hierarchical trees can then be traveled ^» '^^•^"^^^^'i'Sntext. The infomiation that is collected can be subject 
the Master Wortd. At this point, the dev«e ^'^^^^^'"r^^^Xdetemiine context. The location infomiation can 
to a^itration to ensure that on^highVtrusted irfo^^^^^^^ 

becachedtoprovide-currentlocationmformation ^h-cMor^^'" ^^^^ ^^^d to ascertain location. 
Thus, if for some reason other 'ocat-on ^^e^ ^ devS So iply a security policy to the infomiation. Once th« 
r0O211 Once a device's location is detemiined. the device ^" y 

s done, the device can begin to answer queries aspect in which the devtoe can be automat- 

[0022] one aspect of the -t°*7^'^t^^^^^^ dfflerent locations, 

ically configured, when It detemiines ite different t^^^ Forexample. aso-ca ed 

[OOa] F"rther.^"°"«^^°'r*''"«^ri?fe ^S^^^^^^^ ^ 
thin provider* provides location lnfomiatK>n that is translated By uie kx; 



50 



55 



4 



EP 1 220 510 A2 



mation. A so-called "thick provider* includes logic that takes location Infonrjation and provides it In a lorn that can map 
directly into the Master World or Secondary World. 

[0024] in another embodiment location translation sewk:es are provided that are directed to determining, as accu- 
rately as possible, the context or location of the devfce. In this embodiment, information is received from the various 

5 location providers. This information includes location, accuracy and confidence (all of which are provided by the location 
provider), trust (which is assigned to a location provider by the device or a user) and a timestamp (which helps to age 
the location infonnatjon). The location translation processing involves determining which of the location providers are 
valid and active. The location providers can be ranked in accordance with the confidence and tnjst levels. This defines 
an ordered list of location providers. Provision is made for a situation in which all of the location providers may go 

10 inactive. If so, a "cunent location" Is used as a location provider whose confidence decreases over time. 

[0025] In the event that infomiation from two or more of the location providers conflicts, then measures can be taken 
to use information for which there is a higher level of trust. The information that Is provided by all of the location providers 
(assuming no conflict) can then be used to determine a tree structure and a node's entity ID (EID). The tree might be 
the Master World and the EID is a node on the Master World. The tree might also be a Secondary World and the EID 

15 (or location unique identifier or "LUID") is a node on the Secondary World. Once this infonnation Is collected, complete 
location infonriatlon can be determined by simply traversing the tree(s). Once a device's location is detennined, a 
cache can be updated with the cun-ent location (Including a time stamp). 

[0026] In another embodiment, privacy issues in the context-aware computing environment are addressed. In this 
embodiment, the location service has acquired location information that pertains to the location of a particular device. 

20 A privacy manager detemiines what level of information to provkje to applk^ations that might request the information. 
The privacy manager can reside on the computing device itself, or can be proxied by a trusted third party. 
[0027] According to liiis embodiment, a scale of privacy levels are defined. Each level is defined to include more or 
less specific infomriation about the location of a particular device. A user is able to assign a privacy level to entities that 
might request location infonriatlon. Additionally, each node of the Master World and a Secondary World can have a 

25 privacy level associated with it. When a query from an application is received, the privacy manager first detennines 
who the query is from and the privacy level associated with the application or entity. The privacy manager then evaluates 
one or more of the Master Worid and the Secondary Work) to find a node that has a corresponding privacy level. When 
a corresponding node Is found, tnformatfon at that particular granularity is provided to the requesting applk;ation or 
entity. 

30 [0028] In another embodiment systems and methods of providing a location provider in the fonri of a location beacon 
are described. In this embodiment, a location beacon is provided that can be mounted in various areas (public/private 
areas) to beacon the location to any computing devk»s within transmission range. The infonnation that is transmitted 
enables a device to determine its location or context. The location beacon can transmit infomnation that is specific to 
the location servk:e that uses the infonmation. Transmitted information can include an EiDAJRL pair, and a LUIDAJRL 

35 pair. The EID gives the node ktentification of a node in the Master Worid; and, the associated URL gives a protocol to 
communicate with the Master Worid. The URL might, for instance, link to a server that can provide additional context 
Infomiation that uses the EID. The LUID indicates a node on a Secondary World that corresponds to a current location; 
and the URL gives a protocol to communicate v«th the Secondary Worid. For example, the URL can link with a server 
that is hosting the Secondary Worid. This server can then be queried to discover more information about the Secondary 

40 Worid (i.e. Secondary Worid tree structure, location of associated resources, etc.) With the EID and LUID (along with 
the URLs), a device can now traverse the Master Worid or Secondary Worid to determine Its location. Various tech- 
nologies can be used to implement the beacon (wireless, RF, IR). The beacon can be a "program once" device to deter 
tampering. Programmable beacons can, however, be provided. Security can also be provided in the fomn of a verifiable 
signature that is provided with the beacon Infonnation to assure the veracity of the transmitted Infonnation. 

45 [0029] A useful context-aware computing aspect of the beacon is the concept of "location-e nabled access". That is, 
in addition to (or separately from) receiving location infonnation, a beacon can transmit code download pointers that 
enable smart devices to access software code that allows the device to partk^ipate in its current context. 

Exemplary Computing System 

so 

[0030] In the context of this document, the tenn "computing device" is used to refer generally to any type of computing 
device. Characteristtes of exemplary computing devk»s are that they typically include one or more processors, com- 
puter-readable media (such as storage devk^ and memory), and software executing on the one or more processors 
that cause the processors to implement a programmed functionality. In partteular embodiments, implementation takes 
55 place in the context of mobile computing devices (e.g. laptop computers and the like), and/or hand-held computing 
devices (e.g. palm PCs, wireless telephones and the like). 

[0031] Fig. 1 is a schematic diagram that constitutes but one example of a computing devfce that is suitable for use 
in connection with the described embodiments. It is to be understood that portions of the illustrated computing devk^e 
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..«„« ctevices (e q palm PCs, wireless telephones, etc.) with which 
can be incorporated in one or more ot the computing devwes (e.g. pa. 

particular embodiments are envisioned for i^^. posing units 132, a system memory 134, and a bus 

5)032] computer 130 includes one or more P™^^^^f ^^.y 134 to processors 132, THe bus 136 rep- 
36 th'at couples various system componente^^^^^^^^^^^ 
resents one or moreof any of several^pesofbusstruc^ur^^^^^^^^^ 

bus, an accelerated graphicsport, and a P^^J° access memo-y (RAM) 140. A baste input/oulpu 

memory 134 includes read ^"'y -^^^/^i .'ftret^^^^^^^ info^ation between elements with.n computer 
system (BIOS) 142. containing the basic routines tnai neip 

130, such as during start-up, is stored in ROM m ^.„g ,^ ^ jisk (not shown) 

[OOM] computer 130 further includes a ^^'^^^'^^^^^^ n,agnetic disk 148, and an optical disk dnve 150 
Uagnettediskdrive 146 for reading from ^^^f.^^^l^ a cd ROM or other optfeal media. The hard disk 
for reading from or writing to a removable °P^«^' f ^„„ecled to the bus 136 by an SCSI interface 154 

drive 144. magnetic disk drive 145, and optical J^^^^j computer-readable med« provide nonvola^le 

or some other appropriate interface. The dnv^ ^^^^'';^^^,L and other data for computer 130. ^ 
storage of computer-readable '"^^f ""^^teStm^^^^^ disk, a removable magnettedisk 148 and aj^ 

though the exemplary environment descnbed ."^^^'^ ^"^P"^^^^^ that other types of computer-readable 

movLle optical disk 152, it should be appreaated by tti^e 

Idia whtehcan store data that is ^^^^ J^.'^^^^^^:^ and the like, may also be used in the 

video disks, random access memories (RAMS), readonly 

exemplary operating environment tic disk 148, optical disk 152, ROM 

[0034] Anumberofprogrammodulesm^bestoredon^^^^^ 

38. or RAM 140, including an operating «y^^'"^^"°"^°Xfo^^^^ into computer 130 through input devjces 

162 and program data 164. A user -^2:T.s7^pT6^msi^cm^)mavnoV.^^^^^^^^ 
suchasakeyboard166andapo.nt.ngdev.ce168.a^^^^ 

25 game pad, satellite dish, scanner, 72 or other type of display device is also conne^d 

Through an interface 1 70 that is coupled to ^us 1 3^^^ ^^^^ monitor, personal computers typcally 

rn^r^rp:^;^^^^^^^^^^^^ connections to one or r.re 

0035] computer 130 commonly operates , a ne^^^^^^^^ 

30 remote computers, such as a remote computer 176. ^^^^ typical^ includes many or all of the 

server, a router, a networic PC. a peer de>nce or ° ^ storaTe device 1 78 has been illustmted 
elements described above relat^e to -°^P"^^i;3°-,^J;^^; ^ ^rea network (LAN) 180 and a wide area net«^rtc 
in Fig. 1 . The logcal connections depicted m enterprise-wide computer networi<s. intranets. 

LaN) 182. such networicing environments are commonplace in omces, en rp 

and the Internet. .„„ir„nment computer 130 is connected to the local networic 180 trough 

[0036] When used in a LAN networking ^"^""^"^^"X^^^^ environment, computer 130 typteally includes a 
[ netvlori< interface or adapter 184. ^J^" J" ^^j^,^^^^^^ „ide area network 182, such as the internet^ 
modem 186 or other means for estabteh.ng ^ bus 136 via a serial port interface 156. In a 

le modem 188. which may be interna fj^^^^^^ ^^^^^^^^^^ or porttons thereof, maybe 

networkedenvlronment.prog,ammodu^-d^^^ 

stored in the remote memory storage device « °^ jhe computers may be used, 

and other means of establishing a ^'^"""^J;"^ ' ' '^^^^ means of instructions stored at drfferent 

[0037] Generally, the data processors of computer 1 30 ^-^^^S^Programs and operating systems are typcal^ 
Les inthevariouscomputer-readable storage med^ of the^^^^ ^ .^^ secondary 

45 Stributed, for example, on ftoppy disks or CD-ROMs_ ^J^^ ^^^y irto the computer's primaiy electronte memoir 
memory of acomputer. At execution they .^'0^^^^^^^^ 

The invention described herein mcludesthese anj^^her vanousw conjunction with a microproc- 
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ieable in various computing scenanos ^^^"^^^^'ijf^r^^^^^^^ cor^puting. It is to be understood that th^ 

10 The Master World 

,00.1 AMast.Wo.d.de.nedasapo.Jic..^^^^^^^^ 

tention are accounted for by presenting a -^^^^^^^^.'.^^o* of the Master World The 

[00411 F.g.2show8anexernpiaryh.emrch^l2est^^^^^^^^^^ 

Master World contains multiple nodes 202. wrtheachnoderepre^^ g ^^^^ the following 

or natural entity) of the Earth. In the illustrated exampte. «ie nc^ of*eM 

groups: (1) political or natural entitles (e.g. ~""*rs"a^tt^ (3) public place entities (e.g. parks, 

fLJruitirrentfttes (e.g. postal -<^-^--^^^^^^^ regions, vacation regions, 

malls, airports, stadiums, and the like); «"^j4 "°"P;^^"hically discontinuous, and the like), 
affiltele coverage areas of television networks that can ^^^h. Each node underneath tt,e top 

[0042] in the Fig. 2 example, the op °' ^^'^^"^^p^^^ none of the nodes have an association wrth any 

'node lepresents a geog-aphteal dMs.on °' ^^^^^ bet^eeS en«^^ that are part of the Master World and non- 
businesses or servk^. That is. there .s a di^nctonbe^^^^ 

geographic places where activfti^ take P f^^^hough the^^^^^ ^ ^^^^^^ 

context for the tree structure as ''^f^^^^.^Ji^T^ internattonal Airport (SeaTac) will be included in the 
10043] AS an example. '^^^e^^^^^^^^^ at SeaTac might be "leaves" on the tree that are 

Master Wortd, but .Bferences to .ndMdual a'ri.ne business Ic^ .o ^^^^^ ^^^^ 

tagged by the SeaTac Airport EID (see ^^^T^^^^^^^ Bumpershoot. the Seattle Sonics NBA Team^ 

might be a node on the Master Worid. while the Seattle Arte he ^ y ^ ^^^^^^^ ^^^p,^ ^^e 

Jd the Seattle center Start,ucks coffee Shop m^^^^ 

T rM:r« ^rwrmrSS^^^^^ canyon Road in E.nsburg. Washington m.ght be 

henbeunlversally usedto assign -"^^."^^V^'n^nSoH^" te^a^^^^ ^ *e location-dependent goods or 
to correspond to a partfcular uniform ''f "^^^^^^ 

sen^fces that share the unifom, location "J^^^J^^^^^^^^^^^ be easily accessed by both provkters and con- 
world, its accurate standardized geographcdrmen^^^^^^ 

sumers. Services and product provrders (^J^ P/Zj^^^^^ persistent geographfc reference to al 

rrsrs:;;;:^;?™^^ 

P]7nr:rt.tedexam,e.thenod.oftheMj.rWo^ 

Semplary attributes are described in the table .mmediately below^ 



IS 



20 



25 



30 



35 



40 



45 



50 



55 



Attribute 



Entity ID (EID) 
Name 

Geographical Entity Class (GEC) 



Description 



T,,, riP ■- " -'1- -n foreaduiode^No two nodes have the same EID^ 



Thenametedefinedintermsoftheneutralgroundtruth(NGT)name^^^^^^^^ 
I^Tupports various language translations for ent,^a.nes^ appropnate 

n Pacific Oce an, Pazifischer Ozean. Oceano Pacrftoo. etc.) 

The GEC is a geographfeal dassH ication of each node. «n exemplary GEC « 
discussed below in the "Geozone" section. 
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10 



IS 



20 




Contextual Parent(s) 



Source 



Tiii^ii^ntsoftheparenychildrelationshipforeac^ 
Lpported(e^ 

Time Zone, and the MSNBC affiliate KING TV) 



The source of origin for the record (e.g. Microsoft or a specified data vendor) 



Date when the node information was first valid 




30 



35 



40 



45 



Entity ID 
(EID) 


24948 


Name 


Pacific Ocean. Pazlfischer Ozean, Oceano Paclfico, etc. 


Geographical Entity Class (GEC) 


138/Ocean 


Latitude ^ 


0 (+00^ 00' 00") 

-170 (-170" 00' 00") 


Longitude 

Relative Importance 


1 


Contextual Parent(s) 


Worid ___ 


Source 


MSn" GeoUnft 


Start Date 


0/0/00 


End Date 


0/0/00 


Modification Date 


01/18/00 


Status 


Active ^ 



50 



55 



Entity ID 
(EID) 


27490 


Name 


Redmond 


Geographical 

Entity Class 


78/non-capital town 
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(continued) 



10 



IS 



20 



25 



Source 



Start Date 



King, second level 
[Washington, United States] 
2. Puget Sound-Seattle, travel region 
[Washington, United States] 



MSFT GeoUnlt 



0/0/00 



35 



40 



45 



the tree structure thereby allowmg geographc anaome/ 
ship navigation. 

The Master Wbrld Index (Qeozones) ^ 

cSly return values in a query, or for nnore identrty peer level nod^ 

The Master World Location 

dependent goods and services can be linked. ^ rtion of the Master Worid. For 

S In me described embodiment, a --P"^^ W^^^^^ "^^r. « storage device, it -n compr^e P^ 
Sampte. the computing device can have the faster World save ^^^^^ ^^^^ ^ "^*"°^'"''"T 

£=rvrrMr7oriTr^^^^ 



50 



55 
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power to determine its own context or node-referenced location. That is, the computing device can detennine, through 
software it is executing, its particular focation, i.e. node. Once the computing device detenDines an associated node, 
it can simply traverse the tree to ascertain its complete location. 

[0053] For example, if a computing device determines that it is cun-ently located at a node that con-esponds to the 

5 City of Redmond, it can traverse the Master World tree structure to ascertain that It is in the State of Washington, 
Country of The United States, on the. continent of North America. By ascertaining Its precise location, the computing 
device (or its user) is now in a position to take advantage of location-dependent services that might be offered. This 
particular model is a tremendous improvement over current models that utilize a central server to ascertain location 
for a number of different devices. In that model, each device (or user) provides infonnation about its location (e.g. 

10 perhaps the user enters the zip code or city that the device is currently in) and might enter a query to find, for example, 
a McDonald's restaurant in his zip code. The server then takes this infomnation and might, for example, tell the user 
about the location of alt of the McDonald's restaurants within that zip code or city. If the servers fails in this model, then 
none of the computing devices can take advantage of its servk^. In the present model, each computing device is 
self-sustaining. Each can determine its own location, and accordingly, each device can take advantage of locatlon- 

t5 dependent services. For example, if the computing device understands that It Is located on a particular node of the 
Master World, then it can execute queries to find a McDonald's that has an EID that coresponds to the particular node 
In which the computing device is located. Particular robustness is provided through the use of the above-described 
geo-zones. The geo-zones enable proximate geographic divisions to be qutokly searched in an effteient manner. For 
example, if an individual is looking for the nearest Kinko's to make copies and none are located in the geo-zone that 

20 corresponds to the node in whteh the computing device is located, then adjacent geo-zones can be quickly searched. 

Secondary Worlds 

[0054] In the described embodiment the concept of a Secondary World is used to provide support for additional 
25 context. A secondary world might be defined by a third party organization or company and contains nodes that comprise 
physical and/or logfcal entities that are unique to that organization. The nodes of the Secondary World may or may not 
have much context outside of the partrcular organization that defined the Secondary World, since a secondary world 
could be made either public or private. The Secondary Worlds do not duplicate the Master World, but rather supplement 
it in a unique, organization specie manner. While the Master World is defined to be a widely accepted standard, e^h 
30 Secondary Worid can be a widely variant representation of an organization's proprietary view of the world. In the 
described embodiment, each Secondary World has at least one node that is linked with a node of the Master World. 
This gives the Secondary World a context or location In the Master World. Also note that in some context applfcations, 
several secondary worlds may be accessed, each providing additional context specific pieces of location data. 
[0055] Fig. 2 shows an exemplary Secondary World 204 that comprises a plurality of nodes 206. Each of the nodes 
35 206 constitutes a physk^al or togteal entHy. For example, the nodes can constitute a company, its divisions, regions 
campuses, buildings, floors in various buildings and rooms on various floors. At least one of the nodes is linked with 
a node of the Master Worid. The nodes of the Secondary World can have the same attributes as the nodes of the 
Master World. 

[0056] As an example of a Secondary Worid, consider that Boeing might define a Secondary Worid that includes a 
40 list of entities that are important to its employees. The root entity would be "Boeing Corp." and its children might be 
company divisions (St. Louis Military Division, Everett Plant, Corporate HQ, etc.). Further down the tree structure, 
individual nodes might be defined to represent tndrviduial buildings (Hanger 1 2), offices within this building (Office 1 00 1 ) , 
building areas (Southwestern quadrant of hanger 12), etc. Each entity or node has a unique identifier (Local Unique 
ID or "LUID") and a URL that is associated with the tree on which the node occurs. The URL uniquely identifies the 
45 Secondary World tree structure so that a user within that worid can determine how to interact with the worid. This 
aspect is discussed below in more detail. Boeing can then use the LUIDs to associate equipment, services, departments 
or even personnel to a physical or bgical location. 

[0057] As a more concrete example, consider Fig. 3 which shows an exemplary portion of the Master Worid 300 and 
a Secondary Worid 302. Master Worid 300 includes the following nodes: Worid, United States, Washington, Redmond, 

50 and Zip = 98052. The exemplary Secondary Worid 302 is a hierarchical tree structure that has been defined by Microsoft 
Corporation and includes the following nodes: Microsoft, Redmond Campus, 1 Microsoft Way, Building 26, 3^ floor, 
Conference Room 3173, Building 24, 2«* floor, Conference Room 1342. In this example, the Secondary World 302 
'touch points" into the Master Worid from the Redmond node, in this example, a video projector is shown as being 
associated with the node "Conference room 1342". Here, the video projector is not a node in the secondary worid. 

55 Rather, the video projector is an item in some other resource discovery servk:e (e.g. the active directory) and includes 
a location attribute that is a pointer to "Conference room 1342." There may be times, however, when nodes can be 
created in the worlds to represent tiie k>catlon of key services^the node thennselves, however, would not represent 
the services. 
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10 



IS 



20 



25 



30 



35 



could for example, be downloaded-completely or part|aily sms ^^^^^ ^^^^^ devce to as- 

Seded. It might be downloaded ^/^^^J^^^ device would, by usir,g the Se^nd^ 

certain its context within the Secondary Worid. In thje^m^ . ^ ^„ ^ t^is by traversing the ^ee 

world, compute its location within the ^^^^^^'^^^^^L TOs would, for example, give the comput.ng 
Lctire from the node ^ which it ,s current^ ^ once the Secondary World location is known, the 

device (and hence the user) a complete Sec^ndanr Worid cont^^- of the Secondary World^ 

user is inaposrtiontotake advantage ofgoodteo^se^c^^^^^^^ 

That is, once the computing device determines its seconoary 

in the secondary World. «ccociatinq goods or services with the individual nodes of the Sec- 

p)0591 Tremendous value can be ^'^^''^J'^f^^^'^^^, projector associated with it That is. the location of 
ondary World. For example. Conference Room 1 342 has a v^de p Conference Room 3173 has a presen- 

the video projector s in Conference Room I^^Assum^^^^^^^^^ ^^^^^^^ ^^^^ ,3^2. Normally an 

tatton that requires the use of the P.'^'^^^'.^.f 'he Ildeo projector other than perhaps physically cal hng 
individual would have no way of ascertaining ^^^^^J ^J^^^^^^ L example, because the use^s computing 
overtothebuildingtocheckwhetherthere is avid^^^^^ tocatethevWeo projector in Conference 

device IS able to ascertain its loca.on ^V^^^^^^^i That Inverses the Secondary World tree structure to find 
Fioom 1342. It wouW do this by simply executing software mai 

consumable based upon the user's location in the M^^^ accordance with the described embodiment. The 

Cde^Sbt^jus^^^^^ 
ToSS^p'S^^rst and second hierarch^^^^^^^^^^ 

in this example, the tree structures might be J^^^^^ f^^^^^^^^^^^ ^'xempla-y second tree structure is a 

I the internet. An exemplary first tr^e^^^^^^ « ^^"^^^ 
secondary world. Alternately, the tree structures could to* be^^^ 

SLed by thedevtee, step402 traverses multiple "«f ^ "J^^rthSm^ it as to its location at a node of one of 
^ ,n this example, the computing device '"'"^"^^^^^^^ e.g. a user can enter the inf omiation 

thTt'elThSinforrSaMoncancometotheconju^^^^^^^ 

through a User Interface (Ul) orthe location '"'9'^ 7p,ay (SpnP). Specific examples of how this infor- 

(e.g. Lugh the use of Bluetooth technology or ^'^^^'^^^^Z^.^^ detail. Regardless of how this infom^ation 
LLcanbe conveyed to thecomput.g^^^^^^^^ 



40 Defining Secondary Worlds 



45 



50 



55 



Defining 5>econaary ww.— 

L is provided that enables individual organcations t° '^jf;^"™„ti,i,d as a name space (e.g. an XML name- 
5^641 in one embodiment, each secondary ''^J^^ and the Master World will not result in 

^ace . m ensures that any overlap in names ^^T'" contain an entity idenSfied as -Chicago 

a collision. As an example, consider the tono>«ng: tt^e Master ^o^d ^'9^^^^^, (^bA) and a different 

referring the city. A secondary world that IS establ^^^^^^^ 

^ name sp»» » unlqrt ■'Tf'-^^^ZI^S'' building > ™~ 
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10 



15 



20 



25 



30 



35 



40 



« Step 502 «.n p™^ ;he ^'TZ^^^tZ^l^^''^ " ^ 

. ™nr«B,a. .nables oo««. to « fn» c. n«» .1 .1.= n«l«. 
Location as a Service 

that can be consumed by the device's user. ^,„nirtino device 600 that comprises, among other com- 

f00681 Fig. 6 Shows a high level ^^^^Jj^^lZeZX^'S^^^ -'"'^ 
ponents, a context sewice module 602 and one or more ^...^^ ,hls particular example, the 

I implemented In any suitable ^ard^-.^^e Jn^^ ^/^^^^^ 

context sen/ice module is implemented in ^^^''^^^^^fcont^ prov^^ 
servlcemodule 602 rece.es come««^^ 

tion to detemiine a cun^ent device context. In ^'^J^'^^^'^^' mfonnation in various fonns, to the context 
plemented on the device or oft the devu». The context ^^^^ 606 and convey the 

!.,h=loc«l.»p»«.r.604Mp»ttnstolh.*-«..=»™™^^ 

L ,i. »«-o. p^vlde. 604 an. '--"^^^'^^^^^^^ " »» 
module «I2 processes iheCocalKjn,r*in«Bor.mO '^'T'^!^^ ucMK selvlce r™*te 602 em 
»sliuao,esto«l.loh«has»x.se«l»e=i'^"f»^™™" 
,.e„»e».«e,»es,~«o^»d^^ 

mined, ll» devee 600 cm Dean » ""f™! 'T°"^J^,r^^ ^ to tendeied lo the device. Ir this eiampie. 
cations could be executing on the device, e.g. a browser ^P^^^^ ^^^^^ The device 

L devL. iocs,*. — , » ^ zTh^i.^:^ =00^-9 « 

pOTSI consider the I»il=»n9 "^S™ wemalionai Airport. Yoo a. schedulod to depart 

coritairrseMaslert«eddtie.artdaSecorrdaryWo« tree tor Sm™«1w™ 
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to get to your departure gate), update you on the status of your flight, and even check you in automatically for your 
flight. Consider also that as you walk through the airport your location changes. Your computing device, however, can 
receive continuous location infonnation updates so that it can continue to detemnine Its location as you move through 
the airport. At one point, as you pass a Starbucks coffee shop, your hand held devtee notifies you that if you purchase 
5 a latte at Starbucks and present your hand held device, you will receive a 50 cent discount on your latte. In this example, 
the utility of the Secondary World is demonstrated. By knowing where Ite particular customers are in its facility, SeaTac 
International is able to provide a host of services that were not possible before. 

[0074] Assume further that you are in the airport and your flight Is canceled. You must find a place to stay for the 
night. Accordingly, you wish to determine the closest Double Tree hotel because you really like the wami chocolate 

10 chip cooldes they give you when you check in. You execute a search engine on your computing device to find the 
nearest Double Tree hotel. The search engine application first determines your cunrent location in the Master World 
as indicated by the EID of the Master World node that corresponds to your location. Executing a search, the search 
engine application looks for a Double Tree hotel that has an attribute that includes an EID that matches your EID. If it 
finds one. It simply indicates for you the result. If It does not find one with the corresponding EID, it can use an adjacent 

15 geozone, to search for a Double Tree hotel. It may also provide driving directions to the hotel. The search engine 
application was able to do this because it was able to ascertain your location in the Master World. It did this quickly 
and automatically with little or no effort from you. 

[0075] Consider further that as you are driving from the airport to the hotel you decide that you want to find the 
nearest KInko's so that you can print 100 copies of a presentation that you are to give in the morning. Consider that 

20 your hand-held computing devtee is a cellular phone and that Sprint is the can^ier Sprint has defined its own Secondary 
World that might, for example, be des^nated in tenms of cell nets. By virtue of having Sprint* s Secondary World on 
your computing device, you are able to ascertain your location in Sprinf s Secondary World and, accordingly, your 
location In the Master World. Consider that KInko's also has a Secondary World that links with the Master World. By 
executing a search application on your devce, you are able to ascertain the location of the nearest Kinko's as well as 

25 driving directions thereto. All of this is possible because your device has access to the Master Worid and one or more 
Secondary Worlds. In this example, the Master World provides a mechanism to daisy chain two or more Secondary 
Worlds together. This is possible because the Secondary Worlds have at least one reference or link into the Master 
World. 

30 Exemplary Device Architecture 

[0076] Fig. 7 shows computing device 600 in somewhat more detail. In this particular embodiment, device 600 com- 
prises an architecture that Includes the following components: a locatton service module 602, a location provider in- 
terface 700, an applteation program interface (APiyEvents module 702, a privacy manager 704 a location conversion 
35 module 706, one or more applications 608 and one or more location providers 606. Also included in the architecture 
is an active directory 708, Web service 710, location database 712, and personal places 714. The architecture can be 
implemented in any suitable hardware, software, fimnware or combination thereof. The architecture mentioned above 
Is advantageous in that it enables each computing devx:e to detenmine Its own context or location. 

40 Common Location Provider Interface 

[0077] One particularty advantageous aspect of the described embodiment is that it employs a common interface 
700 that provides a standard interface through whch the location providers 606 communicate. By having a common 
interface, the location providers are extensible (to support future providers) in that they can be dynamically added or 
4S removed from the collection of locatk)n providers. All that is required of a partcular k>cation provider 606 Is that it be 
written to support the common interface. 

[0078] In this example, there are several location providers 606. These location providers provide location Inf onmation 
in different forms. For example, a GPS location provider might provide location infomrtation that is GPS specific. Sim- 
ilarly, an IP/Subnet location provider might provide infomiation that is specific to an Internet Protocol. A mobile phone 

50 location provider might provide location infomnation in the iom of a cell ID. In addition, a location User Interface (Ul) 
might provide location information In the form of a user entry that specifies a dty, street or building. All of the location 
Infonriation that is provided by the various tocation providers is processed by the location service module 602 so that 
a current devk;e location can be detennined. To determine the cunrent device location, the location service module 602 
may have to consutt with an active directory 708, a Web service 710, or a location database 712. In the illustrated 

55 example, the active directory 708 might, for example, maintain a secondary worid and other networi<ing metadata such 
as subnet and "site" infonnation that can help detemnine location based on networtcing connectivity. Web service 710 
can hoW the master or secondary worids, the attributes of which can be used to find location. For example, if a cell 
phone knows its cell tower ID, then the location provider can query the secondary worid to ascertain the nodes that 
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match thatcelltowerlD.Locationdatabase712isbasicallyaversionofthewebsen^ 
Location Providers 

roo791 Asindicateabove.thearchitecturecontemplatesmuftipledi1ferentlo^^^^ 

lou/»j «5» mui^a c ' „ . ^ ,1 - This information can come in many different fomr^s and qualrty levels. 
[0080] I ne locaiion P™y«B k continuously provide information (e.g. the GPS provider 

number of satellites). 

Confidence and Accuracy Parameters 

The GPS provider wouia men Know in provider can set a confidence parameter on the 

[0083] Witn respeci lo '"^ *~ ' ^ gome information may be accurate to within one mile. Viihile other 

location provideis e ^^"'^'^^"^riwIeS T^eT^^^ desirab^ configured to assign accuracy 

::irtorroSo^toirnC*^^^^^^ 

Ke^tonsonS^?t?u8tr^ 

^SulelS m^M r^ard comptete^ any informaflon that has a low confidence param^er. -9^; - 

hTd strilce a balance between the accuracy of the information and its confidence. For example, the module 602 might 

prinerSe^ltl^ wtth lo^er leve. of accuracy on^r when thejB ^^^-^^^^^^^^^ 
tnfoVmaHon. The module 602 might utilize the parameters to assign weighte to the Information so that the location is 
calculated as a weighted function of the confidence and accuracy of the mfonnation. 
: An^theT Jse of the confidence parameters is as foltows: Assume that the location service module has deter^ 

Sa^ereloSttonrndr^ 

te iSirnS oerhS a hlqh confidence level. Assume further that all of the other location provKlers are unavailable to 
proTi'":^onT^^^^^^ period Of time, the location seiv«. module 602 can use .he cache location as a 
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currentlocationandbe fairly confidentthat its information is generally accurate, inthisc^^ 

S iSSra linearly decLsing confidence level to the informati^^ 

the information or Informs the user that the information cannot be guaranteed. 

Locati n.Ttust.andTlmestamp 

roo861 When the location providers provide their infomiation to the location sen/lce module 602 the information can 
Ke r^Son to the confidence and accuracy parameters, the actual location infomiation .n a known form^^ 
ms7Darame^^^^^ a timestamp. The trust parameter is a metric that is assigned by the location servK^e module 602 
Hne oTm?e ofl: location providers anS def.es the trust that the loca«on service module ^-fojthe^^^^^^^ 
ocation provider. The timestamp is a metric that defines the time when the location .nformation was P«'^<ted by t^^^ 
iSon provider. Thte assists the location service module 602 in ascertaining whether .nfom,at.on « stale and m«ht 

['Mt7j"?n^ the location service module 602 has all of the location infomiation. it can then set about detemiining 

Sir^FretaMagramthatdescribesstepsinameft^^ 
is the device location. These steps are implemented by the location service module 602. 
oiwrstep 800 gets the curriit device cortext. T^ 

s sto'ed in L cache. Step 802 detemiines whether any of a number of context providers ^'^^^^^^^^^^^^^ 
context information. The location service module might do this by polling the context providers to ascertain which ^ 
S,e pmis are active and valid. Step 804 detemiines whether all of the providers are inacdve. If ail of the providers 
*e m^^e step 806 decreases the confidence in the current context over time and uses the 
device cont;xt. Step 802 then continues to monitor for current active and valid providers. If step 804 detenTunes that 
o^" ^re Of the context providers are actWe^en step 808 orders the actwe and v^^^^ 

location sen/ice module 602 orders or sorts the context providers, it does so as a function of the confidence of the 
SSS information and/or the trust that the location sen^ice module has in tt,e locatbn P^'der. Th« pro.^^^^^ 
ranked list of the tocatton providers. Step 810 checks to ascertain whether the context infomiation appears to be 
S^S' Z example, where'the context Is the kx^tion of the device, the location seMce ..odule 602 might know ma 
^eseconds ago the current location was Redmond. Washington.Acco,dingly.locat>o^^ 

he current location is Beijing. China would be incorrect. Step 812 then detemiines whether any of the «>ntext intor- 
maaon conflfcts with either the devtee's current context or the context infom,ation from other P^^f^J^^r;^^' 
the location sennce module 602 can compare the context infomiatlon from each of the P™^f 
WoSion in the cache. If any of the Informatton confltots with the cached infomiation, then the infom^ation from that 
^rrpLdercanbediscarL.Similar1y.if context infomiatton varies 

then sti 81 4 can select the context providers having a predefined level of trust and perhaps use just ^^-^ '^""^^^^^^ 
(Step 8^6). If there are no conflicts, then step 816 determines the current context based upon the mformation that « 
providediallofthecontext providers, in the described embodiment, this step is im^^^^^ 
tomaptoaparticularnodeinoneormoreofthehierarchlcaltreestructuresmenttonedabo^^ 
of thJdevic^ can be ascertained by mapping the infom,ation to a particular node, and then ^^^^ 
tree structure until the root node is reached. Step 818 then updates the current context by perhaps wnting it to the 
cache and retums to step 802 to detemiine the active and valid context providers i„,„^„tinn 
[00901 The method described above provides a way for the location service module to receive loca ion inf omiatoon 
and uL only the location infomiatton that appears mostly likely to representacurrentlocaton.Cor^^ 
can be dis,Junted or disregarded thereby assuring that only the most trusted, accurate and confident infom^tion is 
45 utilized to detemiine the device's current location. 
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35 



40 



Self Monitoring 



[00911 In addition to the confWence and accuracy parameters, one or more of the location provriers are advanta- 
50 Uuiprogfan'n^dtoselfmonitortheirownoperationforvariousirregularitiesthatcanoo^^^ 

an irregularjf. the location providers are configured to notify the location service module 602. For example, the sour<^ 
from whfch the location provWer receives its irifomiatton may go off line for a period of tme so that the location provider 
is unable to receive any additional Infomiation. In this case, the tocaUon provider might generate a provider ouT 
message and send it to the location service module 602. When the location servtee module 602 recerves the provider 
55 out"message.itcanthentak6stepstoexcludethelocationinfomiationfromthatproviderfromanylocationcala^ 

that It perfome. When the location provider's source comes back on line, it can generate a "provider on message that 
infomis the location service module 602 that it is able to transmit location infomiation to the module. Of course the 
locatton servfce module can be notified by the locatton providers on the occurrence of other operational irregulanties, 



15 



EP 1 220 510 A2 

wtth the above example constituting but one specific case. 



Applications 

that the user has gone home for the day, rt can auiomancaiiy cna y automattcaliy 



[0093] . ' 

use of the IVIaster World and one or more Secondary Worlds. 



Application Program Interface/Events 

rltr;^ wTbTdi^^^^^^^^ a sSrity por«:y or privacy polk^y can be applied to the in«on t^tore .t « 
returned to the applications. 

Privacy IManager 

pMq ,„ on. . PHW manager 704 (Hg. 7) 1= p™,Idad_A«no«n '''^r^^^ 

fSware or combination theLf . In the illustrated example, the privacy manager comprises a software module that is 
incorporated in the mobile computing device. 
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r„s^7«" 's^ f r 1-.'" ^ 

below: 
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30 



35 



40 



45 



SO 



ss 





Approximate Scale 


Level of Revelation 


0 




No location information is retumed 


10 


100,000 Km 


Planet/Continent 


20 


1,000 Km 


Country 


30 


100 Km 


State 


40 


10-100 Km 


Cily & County or Region 


50 


10 Km 


Postal Code & Phone Area Code 


60 


1 Km 


Full Postal Code (Zip + 4) & Area Code and Exchange 


70 


100 m 


Phone Number & Building/Floor 


80 


10m 


Room# 


90 


1m 


Exact Coordinates 



-.nfom. the application that the „^ ^^^J^^^^^ "XTL gives up to the n,inute weather of various 

=»^S^SHAr==tr^^^^ 

ntranet web sfte that is a trusted web site. Thus, any applicaUons assoc«ted wrth th« ^^^^ ^ 

^S^rdevice is able to do this because it has access to the Master World and one or more Secondary Worlds. 
The abow description constitutes but one exemplaiy way of accomplishing this feat. 
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Location Beacons as a L cation Provid r 

K Airr^^r^f nnB nf the location providers comprises a location beacon that beacons or transmits 
[0104] in one -"J^f^^"^' 

■rnr:rr*:trnrn^ 

the device to have a Powei-so""^;^ j on a structure 1102. Structure 1102 can be any 

[0105] Fig. 11 shows an exemplary b^conl^^OOtt^at is^^^^ a smoke detector, an electrical soclcet and the 
suitable st^cturesuch^^^^^^^^^^ 

like, inthe described ^'^'^^f"^^"^'*^ '^^^^^^ lobbies aimort gates, public places and the like. The bea- 

SS^«luUw. I" "» »"9= »*> 0«<1'»~» "™,»«at»n c» M »sea to pr»»* 

a low cost, low power alternative. 

Context Aware Enterprise Comp uting Policy 

Overview 
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romi Toalargedegree.thetraditionalmodelforestablishmentandenforcementofente^^^ 
KtohretoUto inventive newmodelsthattakeintoac^ountt^ 

SSTa^ordance with the described embod«,ent. methods and systems are provided establteh^^^^^^^^^^ 
Scinaentemrise policy that take into a^^^ 

Se deSs conSxt A device's context is ascertained and then policy associated with that context is enforced, 
^and whe^Sdevi^s -^^^^ changes, new or add.onal poik^as can be enforced if appropriate. -e p^-^^^^^ 
embodTment that Is used as an example th«,ugh the remainder of the d^cussion, the device's context ^^Pnses 
r>JceTparticular location. It is to be understood and appreciated, however, that lo«|t.on ,s used as but one exarn^e 
Ja deviS context and is used to assist the reader In understanding how the described pnncipl^ can be cmptoyed 
i,^ one sS^STSnce. Acco«lingly. other devtee contexts can be used. As an example, the context of a compirting 
dev ce ca^J^ Mto anything i!, the device's environment or pertain to what is going on around the comptrt^ 
device. Things such as ambient temperature, lighting conditions, and the like can be consKlered as defining aspects 

ril";rrtS4td%X2^^^^ computing dev.es are provided with polk^es. some of which pertainto em^- 
S^e l,nping.Thesepolfciescan be defined by system ad^^ 
Sien^r?onte^ofacJmputingdevk»changes.sot«^ 
nrexpressed in tem^sotaLmon abstract or logk^lrepresent^^^ 

The common abstract or logical representation of context can advantageously be provided through the use of the 
liov^diclS teSniques and systems that utilize primary and secondary hierarchtoal tree structures to ascertem 
S^xt a^TnirtS J. location. L 

nr location can be utilized to enable policy to be enforced as described below, 
m^^ Tn'eiLStedexa^^^ 

ext infom,ation or inf onSon associated with changes in context. Based on tt.« recejved J^P'J^ 
Seilaluatesvariouspolk^ies to provWearesuttant set of polides that are enforced on the dev^^ 

thediSs^op?ratingsy^em.Forexample.acompu^^^^ 

IrtattSIs ascertained^ described above, through the use of a secondary wortd structure on the device. When in 
thTsiure^m^^^^^^^^ 

airrnST^establisked poik^. Upon leaving the secure computing area, however, the oo;P"t.ng d^^^^^^ 
Lines its location (i.e. it detem,inesthatttis no longer tocated in the secure computingarea), 
Z^aite poltei^ to provide a new resuftant set of polides that are now enforced. The ne^ 
^nsiJ^cuments to be accessed or used when outskle of the secure area. Alternately, sensrtive portK,ns of a 
document might be blanked out when outsWe of the secure area. 

Exemplary Architecture 

r0115l Rg12showsanexemplaryarchitectureorsystemgenerallyat1200thatisconfiguredtoi^^^^ 
LwaLnSrii computing porcy.Thearchitecture can be imp^^ 

rS^bSaSereof. in *e ilStrated example, the archrteCure is implemented in software that compi^^art^ 
TntTrprisecomputing device.Asanaside.it is to be appreciated andunderstood that white ^ 
iSl^'are descried in the context of an enterprise computing device, aspects of the descnbed embodiment 
could be implemented independent of an enterprise computing device. ^„tovt ^h=„n« ^vArrts 

rai16] system 1200 comprises a context sen/tee 1202 that provides context mtomrntion « conte« char^eevente^ 
Aluftable context servtee is described above in connection with Fig. 6. A specrfic example of a context servce in the 
To^rkS^ o^serrfe ci^^ above in connection with Fig. 7. A polk:y engine 1204 ■-^^<>f^-^'JJ^Zx 
s2 for evaluating policies and detemtfning. based on the devtee-s current context, a resultant set of Po^^ that 
apSr The resultantset of policies is then enforced onthedevk».Enfo^^^^ 

new settings or-state' to various applications 1206 that can be executing on and off of the devK». 

m-TlT] Tredevteeor.morespecifically,thepolk^engine1204canreceivepoliciesfromanumberofdflerentpo^^^ 

£urL ExlJplary po ides «^ indude devfce pofcies 1 208 that pertain to the devk:e 

onhe^evicenetwrk policies 1210 

^r^ frnerric admin^trators that aLnister the networics; and ente 

prise with which the device is associated and that come from an enterpnse adm.n«trator. All of th«e Pofc-es can be 
Sro^ded as inputs to the poHcy engine whfch, as a result of a current device context, evaluates the Pol'^es^^ de^ 
Snes a resultant set orpofcies that is then enforced on the device. The policy engine 1204 can also re,j^e^ as 
Z^s, user identity and atELes 1214 and device identity and attributes 1216. AH of these Inputs can be factored 
into an evaluation that is perfonDed by the poltey engine 1204. 
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Policy Authoring 

coTe^s^ wSch po^^^ are being authored r,eed not be known at the time the polKry enfon^ement technology « 
foSr'L an example consider the following: In a particular enterprise, certain computing devices are deemed as 

ZpSS^ bo ,mde ..-able .0 »e »>/ su»*le For ««nplo. «o prt»os eon bo p«»*<l to Iho 

devices via an enterprise networic, wirelessly etc. 
P YnamIc Evaiuatlon and Enfarcem ent of Poiicies 

"m^i cte^^^ The policies can be stored on the enterpree computing dev«es andean be acquired 
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bv the computing devices in any suitable way. Altemateiy, the policies can be stored on an accessible computing device 
ITaSase^efoV^^ 

usingThe techniques describ JJabove insofar as the device has software that is able to process contex^ .n.ormahon 
Sed to it frl context providers. In a specific implementation, the context infom.ahon '^^^^-ded .n the fo^ 
Elation infomiation It is to be appreciated and understood that the computing device can deteimine its context in 
TX^y^ ie^i^y^^^'^^ directly detemiining device context through the use of a context semce, 
re comX^I^oe can deteLne its context from other devices, neh^orks. websites and the like. As an example 
cinsTdTr thTa computing device detem^ines its location using a k)cation servfce. but desires to detenriine another 
^ntei alsociated wtth th'at location. By knowing the location, the computing can access a web «f J -^J'^^^^^^^^ 
St S specific contexts for that particular tocation. Perhaps the web site tracks the temperature, l^hting condrtions^ 
X cSTan^the like. Thus.^his step can also be Implemented by the computing devtee indirectly detem^ining rts 

raSf Step 1504 evaluates the polcy collection, based on the context infomiatlon. to provkte a resultant set of 
S,lfctes tSs step can be implemented by a policy engine on the computing device. That is. this step can be imple- 
iLiVon tSe oompuSng devfce i4lf . Alternate^, this step can be implemented remotely from the computing 
rvtee arby another computing devtee such as a server that is accessible via a surtabie network. In this case it b 
J^LTbie f olTS en Jne to be located remotehr from the subject computing device on 
enfo««d Step 1506 then enforces the resultant set of policies on the device. Th« step can be implemented ^ the 
S engine causing resurtant settings or state to be promulgated to various applicatons tl,at can be ex^tng or 
SSLLn or off the device. Altemateiy. this step can be implemented by a remote computing 
se^r mentioned above, pushing down a resultant set of polcies to the computing device. Step 1508 detem.ines 
whXTere has been ; conte,^ change. This step can be niplemented by the devtee ^v»,g context inforniation 
f mm cin ext providers, and then using the context infom-ation to detemiine, based on the pnmary an*or secondanr 
hteL^hteal L stnictures, whether the devtee has in fact experienced a context change. This ^^^.^'^^'^ 
Semented by the deviceindirectlydetemiining its context as described above. If the device has expenenced a context 
^XTnTe method can branch back to step 1502 which detem,ines the new cont«=« of the device and repeats 
the steiU described above. If. on the other hand, the devtee has not expenenced a context change, then the method 
branchesbacktostep1506whichcontinuestoenforcethecurrentresultsetof policies 

roSl This process provides a system that has policies that are dynamteally adaptable to new device or "se^ ~n- 

S^EntZlJecomplg devtees that are portable can now detemiine.automattealiy.the,r^ 

Si taTare adapted to vartous contexts implemented in an automatic fashion. As devtee contex^ changes, e.g. 

S;^Sl or logical lotion, so too can the polteies that are enforced on the devtee The P°'-- ^^^'^L^^ 
teL of physL and/or toglcal location by system admWsttators who now have attheirdisposalaro^^ 

to adeauatelv orotect and administer system resources. 
piSrtirassistthe,.aderinunde,standingthe principles descTibed^^^^ 

is to be appreciated and understood that the following constitutes but exemplary scenarios in wh^h *e mventr/e 
principles canbeemployed.Thesespecifte scenarios are not intended to limit appl^^^^ 

in anyway. 
Example 1 

r01291 A partteular user has an enterprise computing device with strong (e.g. 12frbil) encryption capabflities. The 

SasVo lele the United States andtravel abroad in foreign countries visiting various dients. Fede^l n^u^tion 

prohibit the export of a computing devtee wrth 128-bit enoyption capabilities but Permrt the export 

Kencryptrcapabilities. Accordingly, when the user's de«ce detemiines, through ^-^^^^J'^ 

senrice. thaUt has teft the United States, poltey onboard the devtee causes the encryption strength to be automatcally 

downgraded. 

Example 2 

101301 Assume that a user has a portion of the file system on their computing device encrypted with a particular 
^Ztel? is desiril by the enterp^e that those specif te files not leave the United States. If the user's computing 
Telice ascertains that its location is no longer in the United States, poltey onboard j! 
certifteate to be pemianently deleted. The user must then return to the U.S. and reacquire the certifteate to access the 
portton of their file system that was encrypted. 
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Example 3 



roian A usefs computing devicecan have policy that requires the computing device to use local telephone numbers 
K ^L numbersZen attempting to establish a connection wtth an ISP for cost savings. When the user « out of 
, Ke JcJ cleMhe"^^^^^^^ devk. to call only local numbers, associated w«h the use.s present loca^on, 
to establish a connection with an ISP. 

Example 4 

10 101321 Thesystemadministratorestablishesapolicythatv.henanenterprisecomputlngdeviceisoff^^^^^^ 

Ss rSogin must be used and that two failed attempts to log onto the device automat^ally locks the de^ce 
S m^k^wn is to remain in place until the device is retur^^ 
device is stolen, it is unlikely that a thief wiH be able to tog onto the device. 

IS Examples 

roi331 Pollcv Is established by a system administrator that requires multiple authenttoation methods (i.e. smartcard 
oailrd bi^et^r^^^^ computing from outside of the corpomte campus. Accordingly, when the user removes the 
cZ^gdevtSmtecoA^ 
20 the enhanced authentication to talce place. 

Example 6 

[0134] Policyisestabllshedbyasystemadministratorthatcomputerusageandthelo^^^^^^^ 
« i,acemustbrtoggedforpurposesofaudltingorperhapsbilling,Accordmgty.ausertra^^^ 
that all computer usage is logged together with the locatton associated with the usage. 



Example 7 



40 



rmasi The coiDorate enterprise has a large campus with many buildings. Employees are typically required to travel 
Sn?«LTbS^^lS Lughout the'day for meetings, presentations and the like. For some employees, -s 
STthat t!Ly not miss phone ^lls or messages. Accordingly, the system administrator authors a polK^y that a^l or 
TeSed corn^S devices must report their location to a central server when on the corporate campus. Based on 
tht"^rt^S^!pLecallscan'beauto^^ 
individuals are located. 

Example 8 

mi361 The svstem administrator establishes a policy that while on the corporate campus, all games on enterprise 
SL^ivi ar^Sed. According^, when the computing devices detem,ine that their locatton is on the co. 
ZSp^^ policy engine causes all games on the device to be disabled. When the computing dev^e ^et^ 
!rS^gelthecor,S,atecampus. the policy engine ^^^^ 

to be enabled. 
45 Example 9 

rai371 A Dolfcv is established that the default printer for a computing device, when the computing devtoe is on the 
Sate c^S^ sh?uurbe the physical^r doLt printer. Accordingly, a computing devtee detem,ines rts location 
anT baled^n tkis detem^ination and the governing policy, automatical^ selects *e 
'he ilt printer. As the device moves about the coq^orate campus, the location mfomnabon that is 

^ tTiLlt printer. This J,licy can be disabled when the device te moved off of the corporate campus. 



SO 
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Example 10 

[01381 Theenterprisedetemiinesthatwhenanemployee-smobilephoneandmobilecomputerreport^ 

cal locations there Is a high degree of likelihood that the employee is away from their computer. (In this example both 

SmSs devices are context enabled in the sense that each can detem^ine its physical location and report that 
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Dhvsicai location to a central server). Accordingly, for security purposes, the administrator authors a policy that when 
such is the case, the login for the mobile computer is disabled. Accordingly, the login is enabled only when the mobile 
phone and the mobile computing device report the same physical location. 

Conclusion 

r0139l The embodiments described above provide a unifomn, standardized way to enhance the world of context 
aware computing The embodiments provide a way for individuals to uniquely experience the world around them by 
ascertaining their location In the world in a standard way. The embodiments also provide a way for service providers 
to uniquely position their goods and services In a manner that is sensitive to and appreciates the contexts, e.g. locations 
of various consumers of the goods and services. Unique and useful architectures and data structures are employed 
to facilitate the user^s computing experience and provide for an individuaKentricexpenence. , . , , 

r01401 Although the invention has been described in language specific to structural features and/or methodological 
steps it is to be understood that the Invention defined in the appended claims is not necessarily limited to the specific 
features or steps described. Rather, the specific features and steps are disclosed as preferred f omfis of implementing 
the claimed invention. 



Claims 

1 . A computing device comprising: 

one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive context Information from externally of the device, the context infomnation pertain ing to one or more 
current device contexts; 

automatically determine one or more current contexts from the context Infomnation; 

locally evaluate a collection of policies in connection with the one or more current contexts to provide a 

resultant set of policies; and 

enforce the resultant set of policies on the one or more applications. 

2. The device of claim 1 , wherein the device is configured to receive context information from multiple different context 
providers that provide different types of context information. 

3 The device of claim 1 further comprising one or more hierarchical traversable tree structures on the device, the 
tree structures comprising individual nodes each of which being associated with a device context, the device being 
configured to automatically determine one or more cunrent contexts by traversing at least one node on at least one 
of the tree structures. 

4 The device of claim 3, wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 
stnictures, the link being traversable to detenmine the one or more current contexts. 

5. The device of daim 3. wherein the one or more hierarchteal tree structures provide a common abstract represen- 
tation of context. 

6. The devfce of claim 1 , wherein the devfce Is configured to detemiine the one or more current contexts dynamically. 

7. The device of claim 1 . wherein the devtee is configured to receive policies from different poltey sources. 

8. The device of claim 1 , wherein the device is configured to receive polcies from different policy sources, the policies 
from the different policy sources being defined in ternis of a common abstract representation of context. 

9. The device of claim 1 embodied as an enterprise device, the collectton of policies comprising at least enterprise 
polteies that are defined in ternis of a common abstract representation of context. 
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10. The device of claim 1 embodied as a portable device. 

11. The device of claim 1 embodied as a wireless device. 
5 12. The device of claim 1 embodied as a handheld device. 

13. A computing device comprising: 



one or more processors; 

the one or more processors being configured to: 

receive context information from extemaliy of the device, the context infom«tion pertaining to a current 

e^l^'^^roi'p^tlesontheoneormoreapp.icado^ 
that is associated with the context Infomiation. 

14. The computing devtee of cia^ 13. Wherein the one or more processors are configured to detemiin^ 
20 context from the context Information. 

25 16. A method of operating a computing device comprising: 

receding context Infom^ation from extemaliy of a computing devtoe. the context infom^ation pertaining to a 

rrg'th^tsri^pr^^^ 

17. The method of 1 6, wherein said evaluating comprises ioca.^ ev^ua«ng the collecdon of poiides using the 
computing device. 

" 1 8. The method of cb^ 1 6. wherein said evaluating comprises evaluating the coUection of po.cies remote from the 
computing device. 

19 The method of claim 16. wherein said receiving comprises receMng context information from multiple different 
' context providers that provide different types of context infonnation. 

20. The method of daim 1 6. wherein said receiving comprises wireiessiy receh^ing the context inf om,ation. 

21. The method of daim 16. wherein said automatically detennining comprises: 
providing one or more hierarchical traveiBabie tree structures on the device, the tree stnxnures comprising 

stnjctures. the link being traversable to detennine ttie device's current context. 

23. The method of ctaim 21 . wherein the one or more hierarchical tree structures provide a common abstract repre- 
55 sentation of context. 

24. The method of daim 1 6 f urttier comprising recehring policies from . multiple different policy sources. 
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25 The method of clah, 16 further comprising recelvir,g polfcies from multiple different policy sources, the policies 
■ being defined in rems of a common abstract representation of context. 

Tu .h«H „f rtaim 1 6 wherein the computing device comprises an enterprise computing device and further 
L'^pCr-tJn" ^ol'JiTS:! :SHse policy source, the po..ies being defined in tenns of a common 
abstract representation of context. 
27 one or more computer-readable media having computer-readable instructions theraon which, when executed by 
" a computer, cause the computer to Implementthe method of claim 16. 

28. A method of operating a computing device comprising: 

receiving context infom,ation from externally of a computing device, the context infom,ation pertaining to a 
trJn^t^e^tJsSofpoliciesononeormoreapp^ 

"eTSant S of policies pertaining to a context that fe associated with the context mfom,at.on that ,s re- 
ceived. 

29. The method of claim 28 furthercomprislngdetem,ining. on thecomputingdevice.acontextthatte 
the context information. 

30 The method of claim 28 further comprising locally evaluating a collection of policies responsive to receiving the 
" context infomiation. said evaluating providing a resultant set of policies. 

32. A coniputing device comprising: 
one or more processors; 

memorv ooerablv associated with the one or more processors; 

Te or mo^^ S» loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive context infomiatlon from extemally of the device, the context infom,ation pertaining to a cun^nt 

device context; . 

automaticallvdetemiine a cun-ent context from the context infonnalion; Ho„t=»tnf 
fSSuate a collection Of policies in connection ^ 

eS'the resultant set of policies on the one or more applications; and 

responsive to receiving context infomiation that indicates a change of cun^nt context. 

locally re-evaluate the collection of policies to provide a new resultant set of policies; and 
enforce the new resultant set of policies on the one or more applications. 

33 The device of claim 32. wherein the device is configured to receh^e context infomiation from multiple different 
contact providers that provide different types of context infomiation. 

34. The devtee of dafer, 32 further comprfeing one or more hierarchical traversable ^-^'^^'^xt'thrdev^^^^^ 

rg=o:srr:r^^^^^^^ 

struc^res. 

« The device of claim 34 wherein the one or more hierarchical tree structures comprise at least one priniaiy tree 
; l^J^at LS^n^s^^^^^ tree stmcture. and at least one link between the primary and secondanr tree 
stmctures. the link being traversable to determine the device's cun-ent context 

36. The devfce of claim 34, wherein the one or more hierarchfcal tree structures provide a common abstract repre- 
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15 



20 



sentation of context. 

37. The device of claim 32. wherein the device Is configured to determine current context dynamically. 

5 38. The device of ctolm 32. wherein the device is configured to receive policies from rfrtferent policy sources. 

39 The dev-.e Of cialm 32. Wherein the device isconf^uredtoreceivepoiia^fm^ 
poiteles being defined in terms of a common at>stract represerrtation of context. 

10 AO. A method of operating a computing device comprising: 

wirelessly receiving context infom^ation from externally of a computing device, the context infom^ation per- 

enforcing the new resultant set of policies on the one or more applications. 
41 The method of Calm 40. wherein said receMng comprises receiving context informa«on from muWp.e deferent 

" context providers that provide different types of context Infomiaton. 
42. The method of daim 40. wherein said acts of automatically detemiining comprise: 

providing one or more hierarchical traversable tree structures on the device, the tree stn^tures comprising 

- =r/^rne^=;^^^^^ 

stnictur^. the link being traversable to detemiine the device's current context. 
44. The method of claim 42. wherein the one or more hierarchical tree stmctures provide a common abstract repre- 
sentation ot context. 

^ 45 one or more computer-readable media having computer-readable instn.c«ons thereon which, when executed by 
a computer, cause the computer to implement the method of claim 40. 

.46. A computing device comprising: 

4S one or more processors; 

memorv ooerably associated with the one or more processors; ^„h 
oneTr mo^; apj^tions loadable in the memory and executable on the one or more processoiB. and 
the one or more processors being configured to: 

receive location infomiation pertaining to a current device location; 
automaticallvd^ermlne a current location from the location infonnation; 

rlTlva?ara IecOon of policies i^ 

policies; and ,. 
enforce the resultant set of policies on the one or more applications. 

47. The computing device of claim 46. wherein said one or more p«x:esso,B are configured to receive location infer- 
matlon from externally of the device. 
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48 The computing device of ciaim 46. wherein the device configured to receive iocaUon information from multipie 
■ different iocation providers that provide different types of location inforniahon. 

one of the tree structures. 

SrJ^tree structures, the linlcbeingtraversabie to detemiine the devce-s current 10^^^ 

51. Thecomputing device Of Claim 49. Wherein theoneor more hierarchical treestrw^turesprovW^ 
representation of location. 

52. The computing device ofclalm46, Wherein the device isconflguredtodeterminethecurr^^^ 

53 Thecomputingdeviceof Claim 46. Wherein thedevicefeconfiguredtoreceivepoiidesfr^ 

55. A method of operating a computing device comprising: 

rpreivina iocation information pertaining to a current device location; 

device. 

57 The method of daim 55. wherein said receiving comprises receiving location information from multiple different 
" location providers that provide different types of iocation information. 

58 The method of claim 55. wherein said receiving comprises wirelessly receiving location infomiation from multiple 
■ different location providers that provide different types of location infomiation. 

59. The method of daim 55, wherein said automaUcaily detemiining comprises; 

providing one or more hierarchteal traversable tree strudures on the device, the tree structures comprising 

individual nodes eadi of which being assodated with a device location; and _ 
Sng at least one node on at least one of the tree structures to provide the curmntlocahon. 

-r,,. ^«th«rt nf rtaim 59 vrtierein the one or more hierardiical tree structures comprise at least one primary tree 
«^ teiL'^sJ^r^U^^^^^ and at teast one link between the primary and secondary tree 
stnictures. the link being traversable to detemiine the device's current locatcn. 

61 . The method of daim 59. wherein the one or more hieran:hical tree structures provide a common abstract repre- 

sentation of location. 

62. The method of claim 55 further comprising receiving polfcles from multiple different policy sources. 

; 63 The method of claim 55 further comprising receMng pol«=ies from multiple different policy sources, the polteies 
being defined in terms of a common abstrad representation of location. 
64. one or more computer-readable media having computer-readable instrudlons thereon whidi. when executed by 
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a computer, cause the computer to implement the method of claim 55. 
65. A computing device comprising: 
one or more processors; 

the one or more processors being configured to: 

receive location information pertaining to a current device location; 

locally reevaluate the collection of policies to provide a new resultant set of policies; and 
enforce the new resultant set of policies on the one or more applications. 

^. 66. The computng devtee of Calm 65. wherein the one or more processors are contoured to recede ioca«on infer- 
mation from extemally^of the device. 
67 The computing device of claim 65. wherein the device is configured to receive location infom«tion from multiple 
Ser3Ston providers that provide dWerent types of location information. 
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one of the tree structures. 

onrr^lT^Lctures. the link being traversable to detem^ine the dev^e's current locaf on. 

70. Thecomputingdeviceofclaim68,whereintheoneormorehierarchicalt,eest,^resprovideacommonabs^ 
representation of context. 

71. The computing device of claim 65. wherein the devk^ is configured to receive policies from dfferent policies 



sources. 
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■ ^ .laim ftf; wherein the device is configured to receive policies from different policies 

73. A method of operating a computing device comprising: 

wlrelessly receding iocation infom,ation- fmm externally of a computing device, the location infom^ion per- 

enforcing the n w resultant set of policies on the one or more applications. 
74. The method of dalm 73. wherein said receiving comprises receiving location infom,a,ion from multiple different 
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.ocaaon p«.viders that provide different types of kx^ation information. 
,5Thernethodofdairn73.whereinsaidactso.auton,atlca..ydeterrnin.gco.pH^^ 

,,,,,.,eor.ore— itrav^^^^^^ 

^^rtatrrr^^^^^^^ 

.e..e.et.odofo.a...S.w.ereint.eon^^^^^^^^^ 

„.T.e.et.odof.a.7S.w.erelnt.eoneor.ore.era..ca..eestruo.respro.dea«.,n.on^^ 

sentation of location. 

79. A computing device comprising: 

one or more processors; aeenna- 

the one or more processors being configured to: 
M.-me««ttolelalr,79,«»«li.»e*«l»»«»"8"^"^ 



40 



change; and . 
enforce the new resultant set of policies. 



81 . The device of claim 79. wherein the context comprises location. 
82 A method of operating a computing device comprising: 

Dolicies; and ^ . , 

enforcing the resultant set of policies on the device. 

55 83. The method of claim 82 further comprising: 

automatk^ally detem^ining when a device context has changed; 
detennining a new device context; 
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locally re-cvaluating the collection of policies in connec«on wHh the hew device context to provide a new 

resultant set of policies; and ^ ^ 

enforcing the new resultant set of policies on the device. 

, 34 Oneorn,oreco.puter.readaPle.ediahavingco.p.e^^^^^^^ 

acomputer,causethecomputertolmplementthemethodofcla.m82. 

Ssoneormoreco^puter-readablemediahavingcomputer-readableln^^^^^ 
a c^mpi; cause' the computerto implementthe method of da-m 83. 

" 86.Aprogran,n,at,leconputingdevteeprogramn«dw«h.nstnK:ti^ 

ar.Aprogranunable confuting device programmed with instnictio^^ 

« 88 Amethodofprovldlngpoiiciesforenforcementoncomputingdevicescomprising: 

prodding a representation of — ^^^^^^^^ 
rnult*,le nodes, each node representing a 0^^^ 

ex^rlrng mutiple polteies as a functfen of the representation of locafon. 

89 0neormorecomputer-readablemediahavingcompute^.eadat^.^^^ 
^" a c^mpL. cause the computer to implement the m«l,od of dam 88. 

90. A method of providing policies for enforcement on computing devices comprising: 
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. chL-i™.a~e«.e.M*=l«l.i* ?,T::'rSe™2^l.^ I«a L link be«««. the" 



DUtinq device location; and 
making the multiple policies available to computing devices. 



35 91 . A computer architecture comprising: 

acontext service that providescontextlnfom^tion or conte>dchange events that pertain to the ^^^^^ 

Jn^2mlnicat.e, UnKed with the context sen^ and conf.gu,.d to: 



or context change events; and 
enforce the resultant set of policies on a computing device. 



„. The oe^pute, .secure « c»n .1. -e p=«, en*.. ,e » reoe^ ^ 

different policy sources. 
55 95. AcomputingdeviceemlMdyingthecomputerarchitectureof ciaim91. 

96. An enterprise computing device embodying the computer architecture of daim 91 . 
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A computer system comprising: 

acontextsen,ic.thatpro>.descontextinfom,a«onorcontextchangeeventsm^^ 

TpT^^ngi:;^— oath^e, .inked with me context serv^. but remote frco, the oonpu«ng device, and 

configured to: 

or context change events; and 

provide the resultant set of policies to the computing device. 
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